Intelligent network access controller and method

ABSTRACT

An intelligent network access controller for use with a wireless network that provides communications services to subscribers having wireless communications devices includes a multi-protocol interface for receiving and sending digital messaging by the wireless communications devices; an identification module that determines an identity of a wireless communications device; an access module that receives the identity and determines an access level for the wireless communications device; and a locking module that locks selected wireless communications devices to the controller based on the determined access level.

TECHNICAL FIELD

The technical field is wireless communications.

BACKGROUND

A key performance indicator of any wireless network is coverage. Inaddition to providing an evolving set of features to customers, the mostsuccessful wireless networks are those that provide ubiquitous coverageand service to as broad a base of subscribers as possible. Because ofthe emphasis on coverage, these same networks seldom, if ever, providemethods of restricted or controlled access for targeted areas in thenetwork. However, with heightened security concerns, and for otherreasons, targeted wireless access restriction may be an importantconsideration, especially in a localized area, and/or for specific timeperiods.

SUMMARY

An intelligent network access controller for use within a targeted areaor areas provides communications services across some or all relevantwireless technologies and spectrums to subscribers having wirelesscommunications devices. The controller produces the targeted coveragearea, wherein wireless access limitations may be enabled by usinginterfaces for receiving and sending digital messaging by the wirelesscommunications devices; an identification module that determines anidentity of a wireless communications device; an access module thatreceives the identity and determines an access level for the wirelesscommunications device; and a locking module that implements logic thataccepts, releases, or allows service to selected wireless communicationsdevices to the controller based on the determined access level.

A method for restricting access to wireless communications to and from awireless network comprises the steps of provoking access to theintelligent network access controller through a registration request orcall/text message/or data session initiation from a wirelesscommunications device; determining a category of the wirelesscommunications device; if the determined category is a first category,accepting the access of the device to the intelligent network accesscontroller and thus locking the wireless communications device to thebroadcast signal transmitted by the intelligent network accesscontroller so that access to the wireless network is prevented; and ifthe determined category is a second category, redirecting the wirelesscommunications device to re-attempt access with the wireless network.

DESCRIPTION OF THE DRAWINGS

The detailed description will refer to the following figures in whichlike numerals refer to like items, and in which:

FIG. 1 is a block diagram of a wireless network incorporating anexemplary intelligent network access controller;

FIG. 2 illustrates an exemplary interface for enabling wireless accessrestrictions using the controller of FIG. 1;

FIG. 3 illustrates an exemplary interface for enabling emergency access;

FIG. 4 illustrates a single technology implementation of the controllerof FIG. 1; and

FIG. 5 illustrates a multiple technology implementation of thecontroller of FIG. 1.

DETAILED DESCRIPTION

A key performance indicator of any wireless network is coverage. Themost successful wireless networks are those that have ever-expandingcoverage, independent of time, to provide ubiquitous service to any andall subscribers and roaming users. Because of the emphasis on coverage,these same networks seldom, if ever, operate so as to restrict access.However, with heightened security concerns, and for other reasons,wireless access restriction may be an important consideration,especially in a localized area, and/or for specific time periods.

Current systems that impose some type of wireless access restrictionfunction may employ jamming equipment to block wireless signals in aparticular area. Other systems rely on shutdown of a cell or sector.These current wireless access restriction solutions do not discriminateamong users. Instead, these solutions impose a total prohibition onwireless communications. Furthermore, these current solutions arecomplicated and expensive to invoke. Finally, with these currentsolutions, if a situation requires that certain personnel (e.g.,emergency response personnel) be able to communicate using wirelesscommunications, a secondary communications network must be establishedsince jamming or cell shutdown prohibits all wireless communications fora given technology.

In most cases jamming technology that is deployed works across aspectrum of radio frequencies and jams the use of the entire spectrumregardless of the technology or technologies deployed in the spectrum.So in the case of jamming, a localized communications network must beestablished on its own technology, unique devices, and spectrum furthercomplicating the setup and operations.

Another challenge is that in most areas covered by wirelesscommunications there are typically multiple technologies operating in avariety of spectrum ranges. Jamming solutions and cell turn down areabsolute solutions that do not provide the ability to select on a deviceby device basis the ability to use the wireless communication within thetarget area.

To overcome these limitations with current art wireless communicationaccess restriction solutions, disclosed herein is an intelligent networkaccess controller, and accompanying method, that either permanently ortemporarily limits allowable communications on an existing wirelessnetwork or wireless networks to only a subset of that network's normalusers. Those users not in the subset of allowable users are blocked fromaccess to the wireless network in a specified area normally covered bythe network and/or for a specified time.

The intelligent network access controller provides, on a singleplatform, the necessary components for an end-to-end solution forselective communications restriction across the spectrum of wirelesstechnology, frequency, and access methodology. In an embodiment,wireless users are classified into categories and either allowed toaccess the wireless networks or are prohibited access, on asubscriber-by-subscriber basis. The intelligent network accesscontroller meets the criteria of service restriction that may berequired in specific areas, while allowing selected individuals wirelesscommunications access to wireless networks in those same areas. Thus,the intelligent network access controller eliminates the need to overlayadditional communications systems to provide targeted localized wirelesscommunications. The intelligent network access controller implements itsservice across both commercial as well as private wireless networks.

The intelligent network access controller is particularly useful incertain permanent facilities such as embassies, government facilities,prisons, military installations, stadiums and arenas, hospitals, publictransportation facilities, landmarks, and in temporary applicationsincluding disaster recovery operations and homeland security operations.In short, the intelligent network access controller can be used in anysituation or at any facility or locale to establish a controlledwireless communications environment whereby only selected individualscan access a wireless communications network.

FIG. 1 is a block diagram of a wireless communications network thatincorporates an exemplary intelligent network access controller andother wireless network components to provide access restrictionfeatures. In FIG. 1, wireless network 10 includes switching center 50and base stations 60, through which devices 20 establish wirelesscommunications. Overlaying the network 10 are directional antennae 30and repeaters 40 that operate in conjunction with intelligent networkaccess controller (INAC) 100, to restrict or to allow wirelesscommunication from and to selected devices 20. The switching center 50includes standard components that may be found in any switching center,including a VLR and a HLR 52, authentication center 54, equipmentidentification register 56, a mobile switching center (MSC) 57, a packetswitch 58 and a short message service center (SMSC) 59. Ordinarily, asubscriber using a device 20 would have that device 20 registered withthe network 10 once the device 10 was within the coverage area of thenetwork 10. However, to provide access restriction on either a temporaryor a permanent basis, the INAC 100, and associated interface 200, whichfacilitates human operator interaction with the controller 100, may beused to “lock” selected devices 20 to the INAC 100 and thus preventaccess to the wireless network 10.

“Locking” the wireless devices to the INAC 100 indicates that thewireless device 20 is tuned to and has been accepted by the local signalbroadcast of the INAC 100. The INAC 100 implements a mimicked signalthat follows the signal patterns, parameters, and characteristics of theunderlying wireless network; however the localized signal is onlyconnected to the INAC 100 and not the wireless network as a whole. Theend result is a wireless device that has the appearance of operating onthe wireless network; however by virtue of the wireless device 20 beingtuned to the local INAC 100 signal, the wireless device 20 is by default“locked” from access to the wireless network outside of the INAC 100.

A “device” or “wireless device” includes any wireless access mechanismincluding wireless handheld devices used for communications and laptopcomputers, personal digital assistants, or other computing device thatincludes wireless access technology.

A “wireless network” includes networks that provide commercial orprivate wireless access for voice, text, and or data access.

The INAC 100 may be implemented as an adjunct to the wireless network10, as an integrated feature within the wireless network, or may beimplemented as a standalone device that is independent of any specificwireless network.

The INAC 100 may be implemented as software, hardware, or a combinationof hardware and software. The INAC 100 may be implemented on a suitablyprogrammable processor.

The INAC 100 includes equipment identity module 110 that receives andstores identifying information associated with devices 20; access module120 that determines, based on setup or operational mode of the INAC 100,which of the devices 20 are to be allowed access to the wirelesscommunications network 10; locking module 125, which is used to lock adevice 20 to the INAC 100 and to provide indications to the lockeddevice 20 that make it appear that the device 20 actually is registeredwith the wireless network 10; power control module 130, which operatesin conjunction with base station 60, RF distribution equipment 62,amplifiers 64 directional antennae 30 and repeaters 40 to establish thearea subject to the access restrictions imposed by the INAC 100; timingmodule 140, which may be used to impose temporal limitations on theaccess restriction functions; and emergency access module 150, whichoperates to allow certain access types (e.g., emergency 911 calls from awireless device 20) while other access types remain blocked.

The INAC 100 provides discretionary blocking of access to and fromdevices 20 by recognizing differences among the devices 20. In anembodiment, the INAC 100 recognizes three categories of subscriberdevices 20: restricted, allowed, and unknown. Restricted devices arethose that are identified as belonging to subscribers who are to bedenied wireless access (e.g., prisoners, terrorists). Restricted devicesare configured by the INAC 100 so as not to be allowed cellular serviceand access to the wireless network 10. Every device 20 has a uniqueidentifying number or characteristic. If the device identifying numberor characteristic (e.g., subscriber number) is configured to be“restricted,” the INAC 100 accepts that device's access and returns apositive acknowledgement to the device. This creates the illusion, atthe subscriber's device 20, that the subscriber has gained access to andis operating within the wireless network 10, when, in fact, the device20 is locked to the INAC 100 until the device 20 is removed from therestricted access area imposed by the INAC 100. By locking the“restricted” device 20 to the INAC 100, all incoming and outgoingaccesses by the device 20 are prevented while the “restricted” device 20is within the restricted access area.

Allowed devices are those configured in the INAC 100 as to be allowedwireless service. After determining the identity of the device 20, anddetermining that the device 20 is an “allowed” device, the INAC 100redirects the device 20 from the INAC 100 to the appropriate wirelessnetwork 10. This redirection forces the “allowed” device to reattemptaccess on the wireless network 10. Once so redirected, the “allowed”device's subscriber can use the device 20 for normal inbound andoutbound traffic.

Unknown devices 20 are those not specifically configured by the INAC 100as allowed or restricted. Unknown devices 20 may be configured to allownormal wireless network access depending, for example, on a securitylevel requirement at a given location (e.g., for homeland securitythreat conditions of orange and lower, unknown devices are allowedaccess to the wireless network 10).

The INAC 100 operates as a local overlay or underlay of the samefrequency spectrum and configuration as the wireless network 10. Thearea of restricted access can extend to any part of the coverage area ofthe wireless network 10, and such restricted area may be enforced by theuse of the power control module 130, directional antennae 30, andrepeaters 40. Thus, the restricted area under control of the INAC 100may be limited to a building, a sports stadium, or a geographical area,for example. The area of restricted wireless access is not necessarilystatic, and can be changed based on set criteria or at the discretion ofa network operator. The end result is a targeted coverage area that canprovide controlled and deterministic wireless communications access bysubscribers. Once a restricted, or an unknown, subscriber's device 20leaves the restricted access area, the subscriber's device 20re-registers with the wireless network 10 and is no longer controlled(locked) by the INAC 100.

When the subscriber's device 20 is locked to the INAC 100, the lockingmodule 125 operates to ensure that the device's display and apparentoperation are the same as if the device 20 were registered with thewireless network 10. A subscriber who attempts to use a device 20 lockedto the INAC 100 will see a failed access attempt, or similar warning.The subscriber's perception would likely then be that the device 20 wasnot receiving sufficient signal strength to enable wirelesscommunications or the serving wireless network did not have therequisite capacity to service the access request. This further masks thepurpose and operation of the INAC 100. Only after a repeated pattern ofaccess denial is established would the typical subscriber discern therestricted access.

The INAC 100 can be configured to provide various levels of accessdepending on the configuration of the subscriber devices 20 and thelevel of security required for the access. The INAC's operational modemay be changed dynamically, either automatically, or manually. Automaticchanges may be programmed using the interface 200. Examples of automaticchanges are changes programmed into the INAC 100 based on time of day,day of week, or some other calendar-based criteria; the occurrence of aspecific event (e.g., a concert); changes in threat levels (e.g.,homeland security threat conditions—yellow, orange, etc.); and changesin an operational profile or physical location (of the INAC 100 or ofthe wireless device 20) (e.g., an aircraft descending below 10,000 feet,a ship entering port, a train arriving at a station). Manual changes maybe implemented directly by a system operator by using the interface 200.For any of the modes of operation, the INAC 100 provides a loggingmechanism to track all system access attempts and the resulting status.Additionally the INAC 100 provides capability to view the existingdatabase information including the allowed and restricted lists, systemconfiguration, system statistics, and log of system activity.

The INAC's operational modes include disabled, wherein the accessrestrictions imposable by the INAC 100 are suspended; hold all, orvirtual jam, wherein all wireless communications are processed as lockedto the INAC 100; unknown allowed, wherein only known “restricted”devices are locked to the INAC 100; and unknown blocked, in which bothrestricted and unknown devices are locked to the INAC 100. FIG. 2illustrates an exemplary interface 210 produced by the interface 200 andthe INAC 100 for enabling wireless access restrictions. Additionally,the INAC 100 can also operate in a passive mode where all subscriberaccess is redirected to the appropriate wireless network.

As subscribers access the INAC 100, and either are locked to the INAC100 or redirected to the wireless network 10, the INAC 100 capturesaccess information that can be used to generate access reports for eachtype of device 20 (i.e., unknown, bad, or good). The reports provide anorganized analysis as to which users are accessing the system, includingtime period, call duration, and frequency of use. The reports alsoprovide useful information for establishing system databases and use ofthe INAC 100.

An optional feature of the INAC 100 is emergency access override toallow processing of emergency access. Depending on the type ofinstallation and the security requirements, emergency access may need tobe available, and thus may be enabled or disabled. Emergency access canbe configured based on each type of subscriber device; restricted,allowed, or unknown. FIG. 3 is an interface 220 that allows a systemoperator to enable or disable emergency access for each of the threesubscriber device types (restricted, allowed, unknown). When emergencyaccess is enabled, the emergency access module 150 of the INAC 100allows the subscriber's device 20 to be redirected to the wirelessnetwork 10 when that device 20 dials an emergency access number such as911. Upon completion of the emergency access, the subscriber's device 20returns to a locked to INAC condition, as appropriate. When emergencyaccess is disabled, the INAC 100 ignores all call access fromsubscribers whose devices 20 are locked to the INAC 100.

The INAC 100 provides for location sensitive operations, an example ofwhich, as noted above, involves a aircraft. The INAC 100 may beinstalled on an aircraft so that certain devices (e.g., those of crewmembers) may be used for wireless communications at any time.Alternatively, the INAC 100 may be used to control access to wirelesscommunications based on the aircraft's location (latitude, longitude,and altitude) or any aspect or aircraft operation.

The INAC 100 may include an optional security and intercept module 160that is used for lawful intercept of wireless communications using adirect Internet connection (or other available connection type) to amonitoring station. When enabled at the INAC 100, the security andintercept module 160 allows law enforcement personnel to monitor andrecord conversations and data transfers (packet and circuit), callsignaling messages, accessed features, and SMS originated or terminatedmessages for targeted wireless devices that are currently locked to theINAC 100 and allowed localized services on the INAC 100 system.

There are many possible deployment options for the INAC 100. Forexample, the INAC 100 may be implemented as a permanent part of thewireless communications network 10. The INAC 100 also may be implementedas a stand alone device that overlays one or more wirelesscommunications networks so that all wireless communications in aspecific location are capable of some form of access restriction. Oneexample of this wireless feature is to establish an INAC 100 at abuilding, a facility, or a campus.

Installation of the INAC 100 as part of a network, or as a standalonedevice can be permanent or temporary. For example, the INAC 100 may beavailable as a mobile device, along with the necessary amplifiers, RFdistribution, antennae and repeaters, so that a disaster recoveryoperation may invoke wireless access restrictions in the area where thedisaster recovery is taking place. Upon completion of the disasterrecovery operations, the access limitation area is disestablished.

When the INAC 100 operates to restrict wireless communications by way ofa wireless network, there may still be a need to provide some form ofprivate network communications in the wireless access limited area. Toprovide this additional functionality, the INAC 100 may include aprivate network module 170 that allows for limited wireless voicecommunications using either a commercial technology such as GSM or CDMA,or voice over IP (VoIP) technology, including session initiatedprotocol/unlicensed mobile access (SIP/UMA). As additional wirelesstechnologies become viable, these can be added to the private networksolution as well. The private network module 170 also allows forconnection to a PBX or PSTN.

The INAC 100 may also provide the capability to individually access thelocked wireless devices overtly or covertly thus allowing the exchangeof information or enabling the ability to provoke action from thewireless device.

As noted above, the INAC 100 may be used to control wireless access forone wireless technology, and/or for one frequency range, or for multipletechnologies and frequency ranges. FIGS. 4 and 5 show thisfunctionality, with examples of current wireless protocols illustrated.One skilled in the art will appreciate that other protocols would applyequally, including wireless protocols to be developed in the future. InFIG. 4, the INAC 100 is used to create restricted wireless access area300 as an overly to wireless network 10, where the wireless network 10and the restricted access area 300 are based on GSM 1800 protocols. InFIG. 5, three wireless technologies are shown and, correspondingly,three restricted access areas (300, 300′, 300″). In a furtheralternative, the INAC 100 may be used to create restricted access areasfor only a subset of the protocols of a multi-protocol wireless network.

1. An intelligent network access controller for use with a wirelessnetwork that provides communications services to subscribers havingwireless communications devices, comprising: a multi-protocol interfacefor receiving and sending digital messaging by the wirelesscommunications devices; an identification module that determines anidentity of a wireless communications device; an access module thatreceives the identity and determines an access level for the wirelesscommunications device; and a locking module that locks selected wirelesscommunications devices to the controller based on the determined accesslevel.
 2. The controller of claim 1, wherein the access levels compriseunlimited wireless access, wherein the wireless communications device isredirected to register with one or more wireless networks, and blockedwireless access, wherein alternate (non-controller) wireless networkaccess is prevented.
 3. The controller of claim 2, wherein the wirelesscommunications devices comprise one of allowed, restricted, and unknownwireless communications devices.
 4. The controller of claim 3, whereinthe restricted and unknown wireless communications devices are blockedfrom wireless access.
 5. The controller of claim 3, wherein therestricted wireless communication devices only are blocked from wirelessnetwork access.
 6. The controller of claim 3, wherein the allowedwireless communication devices are redirected to wireless networkaccess.
 7. The controller of claim 3, wherein the allowed and unknownwireless communication devices are redirected to wireless networkaccess.
 8. The controller of claim 3, wherein all wireless communicationdevices are redirected to wireless network access.
 9. The controller ofclaim 2, wherein the identity of the wireless communications device isstored in an equipment identification module of the controller, theequipment identification module including a subscriber profile includingone or more of call features, wireless device protocols, wireless deviceidentification, and personal identification number.
 10. The controllerof claim 1, further comprising a timing module, wherein wireless accessis limited based on calendar-specific information including time of dayand date information.
 11. The controller of claim 1, further comprisinga location module, wherein wireless communication access is limitedbased on a location of the controller.
 12. The controller of claim 1,further comprising a location module, wherein wireless communicationaccess is limited based on a location of the wireless device.
 13. Thecontroller of claim 1, further comprising an emergency access module,wherein emergency access is allowed during otherwise blocked wirelesscommunications access periods.
 14. The controller of claim 1, furthercomprising an emergency access module, wherein emergency access isallowed at otherwise blocked wireless communications access locations.15. The controller of claim 1, wherein the controller is permanentlymounted at a facility.
 16. The controller of claim 1, wherein thecontroller is portable, and wherein when the location of the controlleris changed, a wireless access limitation area associated with thecontroller may change.
 17. The controller of claim 1, wherein thecontroller is portable, and wherein when the location of the controlleris changed, a wireless access limitation area associated with thewireless device may change.
 18. The controller of claim 1, furthercomprising a power control module that interfaces with one or moredirectional antennae, RF distribution equipment, amplifiers, andrepeaters, and wherein an extent of a wireless communications limitedarea is variable.
 19. The controller of claim 1, wherein the controllercontrols wireless communications access at multiple sites.
 20. Thecontroller of claim 1, wherein the controller controls wirelesscommunications access via a single wireless access technology.
 21. Thecontroller of claim 1, wherein the controller controls wirelesscommunications access via multiple wireless access technologies.
 22. Thecontroller of claim 1, wherein the controller controls wirelesscommunications access via a single frequency band.
 23. The controller ofclaim 1, wherein the controller controls wireless communications accessvia multiple frequency band.
 24. The controller of claim 1, wherein thecontroller further comprises an interface to a private network, whereinwithin the wireless communications limited access area, wireless voicecommunications are enabled among selected wireless communicationsdevices.
 25. The controller of claim 1, further comprising a callintercept device, wherein incoming and outgoing communications among thewireless communications devices are monitored and recorded.
 26. Thecontroller of claim 1, wherein the wireless communications devicesinclude a fixed wireless telephone, a mobile device, and a computerhaving a wireless modem.
 27. The controller of claim 1, furthercomprising a private network communications module that operates toestablish a private network for voice communications among wirelessdevices, including wireless devices locked to the controller.
 28. Thecontroller of claim 1, further comprising a private networkcommunications module that operates to establish a private network forvoice communications among wireless devices, excluding wireless deviceslocked to the controller.
 29. The controller of claim 28, furthercomprising: a public switched telephone network (PSTN) interface; and aprivate branch exchange (PBX) interface.
 30. The controller of claim 1,further comprising a user interface, the user interface providing anoperator access to operate the controller and to configure thecontroller to establish access restrictions.
 31. A method, implementedon a suitably programmed processor, for restricting access to wirelesscommunications to and from a wireless network, comprising: provokingaccess from a wireless communications device to register with theintelligent access controller wireless network; determining a categoryof the wireless communications device; if the determined category is afirst category, locking the wireless communications device so thataccess to the wireless network is prevented; and if the determinedcategory is a second category, directing the wireless communicationsdevice to re-attempt access with the wireless network.
 32. The method ofclaim 31, wherein the first category comprises restricted devices andunknown devices, and wherein the second category consists of alloweddevices.
 33. The method of claim 31, wherein the first categorycomprises restricted devices, and wherein the second category consistsof allowed devices and unknown devices.
 34. The method of claim 31,wherein the first category comprises no devices, and wherein the secondcategory consists of restricted devices, allowed devices and unknowndevices.
 35. The method of claim 34, further comprising: receiving anemergency access request from a first category device; determining ifthe first category device is an unknown device or a restricted device;and if the first category device is an unknown device, initiatingemergency access connection through the wireless network.
 36. The methodof claim 34, further comprising: receiving an emergency access requestfrom a first category device; and initiating emergency access connectionthrough the wireless network.
 37. The method of claim 34, furthercomprising: receiving an emergency access request from a first categorydevice; and not initiating emergency access connection through thewireless network.
 38. The method of claim 34, further comprising:receiving an access request from a first category device; and allowingthe access on the intelligent access controller wireless system.
 39. Themethod of claim 34, further comprising: receiving an access request froma first category device; and allowing the access on the intelligentaccess controller wireless system and providing a method of monitoringthe wireless device activity through the transaction.
 40. The method ofclaim 34, further comprising accessing the wireless device overtly fromthe controller.
 41. The method of claim 34, further comprising accessingthe wireless device covertly from the controller.
 42. An intelligentnetwork access controller (INAC) that creates a local wireless networkand that dynamically controls access by wireless devices to a wirelessnetwork underlying the local wireless network, the INAC, comprising:means for registering the wireless devices, wherein the devices areidentified and classified, and wherein the devices comprise one ofallowed, restricted, and unknown; means for dynamically determiningcharacteristic values of the devices; means for dynamically grantingaccess by the devices to the wireless network based on the dynamicallydetermined characteristics of the devices; and means for locking devicesto the local wireless network based on the dynamically determinedcharacteristics.
 43. The INAC of claim 42, wherein the means forregistering comprises means for identifying the devices based on one ormore of phone number and equipment identification number.
 44. The INACof claim 1, wherein the means for dynamically determining characteristicvalues, comprises: means for determining locations of the devices; meansfor determining call features of the devices; and means for determiningrestriction times in the local wireless network.
 45. The INAC of claim1, wherein the local wireless network is established on one of anairplane, a ship, and a train.
 46. The INAC of claim 45, wherein themeans for locking locks the devices to the local wireless network basedon an operational profile of the airplane, ship, or train.
 47. The INACof claim 46, wherein an operational profile of the airplane includes oneof flying, defined as access doors shut, and not flying.
 48. The INAC ofclaim 42, further comprising means for establishing a private networkwithin a RF coverage area the local wireless network.
 49. A method forcontrolling access by wireless devices to a wireless network, comprisingthe steps of: establishing a local wireless network having a determinedRF coverage area as an overlay to the wireless network; detecting whenthe devices enter the RF coverage area of the local wireless network;dynamically determining one or more characteristics of the devices andone or more characteristics of the RF coverage area; and based on thedynamically determined characteristics, either: locking the devices tothe local wireless network, or passing the devices to the wirelessnetwork.
 50. The method of claim 49, further comprising registering thedevices with the local wireless network based on one or more of phonenumber and equipment identification number.
 51. The method of claim 49,wherein dynamically determining characteristic values comprises:determining locations of the devices; determining call features of thedevices; and determining restriction times in the local wirelessnetwork.
 52. The method of claim 49, further comprising establishing aprivate network within a RF coverage area the local wireless network.53. A system for controlling access to an existing wireless network,comprising: means for generating a RF signal receivable by wirelessdevices, wherein a local wireless network is created; and a controllercoupled to the means for generating the RF signal, comprising: anidentity_module that identifies wireless devices within a coverage areaof the local wireless network, an access module that determines a levelof access to the existing wireless network, wherein the levels of accesscomprise one of allowed and blocked, and a locking module that lockswireless devices with a blocked level of access to the local wirelessnetwork.
 54. The system of claim 53, wherein the local wireless networkis established in a building.
 55. The system of claim 53, wherein thelocal wireless network is established in a facility.